On 2011-03-29 12:26, Indunil Jayasooriya wrote:
On Tue, Mar 29, 2011 at 3:32 PM, Leslie Jensen <leslie@xxxxxxx> wrote:
Hello list.
I've used squid together with pf for a while on a FreeBSD 7.2-RELEASE
machine.
I've now installed FreeBSD 8.2-RELEASE on new hardware and I'm using my
config from the 7.2 machine.
My problem is that squid is not working with transparency. The browser
traffic goes directly to the Internet.
Setting proxy in the browser works, so I believe squid is ok.
My question is about which build options I must use?
I've used the following:
SQUID_KERB_AUTH X (ON)
SQUID_NIS_AUTH X (ON)
SQUID_IPV6 (Default) X (ON)
SQUID_DELAY_POOLS X (ON)
SQUID_SNMP X (ON)
SQUID_HTCP (CARP?) X (ON)
SQUID_WCCP X (ON)
SQUID_IDENT (OFF)
SQUID_IPFW X (ON)
SQUID_PF X (ON)
SQUID_AUFS (Default) X (ON)
SQUID_KQUEUE X (ON)
Then I found this
https://wiki.andrewmercer.net/index.php/Squid_-_Transparent_Proxy
Where he suggests that even
SQUID_IPFILTER X (ON)
Should be activated.
I recompiled Squid3.1 with the above and now I get an error which I can
understand because I do not have IPFilter installed/active.
____________________________________
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
2011/03/29 11:14:44| IpIntercept.cc(250) IpfInterception: NAT open failed: (2) No such file or directory
_____________________________________
So when only pf is used, must I compile squid with IPFILTER and IPFW?
Thanks
/Leslie
Please see the URLs below:
http://forums.freebsd.org/showthread.php?t=16917
http://forums.freebsd.org/showthread.php?t=14889
http://forums.freebsd.org/showthread.php?t=10874
Thank you!
I've seen those links and they suggest compiling with PF and IPFW.
But as I wrote, it does not work, so I'm wondering if IPFILTER should be
used. If not, I'm back to square one.
As you can see below, I have used more options and maybe it is too much.
squid -v
Squid Cache: Version 3.1.11
configure options: '--with-default-user=squid'
'--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin'
'--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid'
'--localstatedir=/var/squid' '--sysconfdir=/usr/local/etc/squid'
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid'
'--enable-removal-policies=lru heap' '--disable-linux-netfilter'
'--disable-linux-tproxy' '--disable-epoll' '--disable-translation'
'--enable-auth=basic digest negotiate ntlm'
'--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB squid_radius_auth YP'
'--enable-digest-auth-helpers=password'
'--enable-external-acl-helpers=ip_user session unix_group wbinfo_group'
'--enable-ntlm-auth-helpers=smb_lm'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-storeio=ufs
diskd aufs' '--enable-disk-io=AIO Blocking DiskDaemon DiskThreads'
'--enable-delay-pools' '--enable-ipfw-transparent'
'--enable-pf-transparent' '--enable-ipf-transparent' '--disable-ecap'
'--disable-loadable-modules' '--enable-kqueue' '--prefix=/usr/local'
'--mandir=/usr/local/man' '--infodir=/usr/local/info/'
'--build=amd64-portbld-freebsd8.2'
'build_alias=amd64-portbld-freebsd8.2' 'CC=cc' 'CFLAGS=-O2 -pipe
-fno-strict-aliasing' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2
-pipe -fno-strict-aliasing' 'CPP=cpp'
--with-squid=/usr/ports/www/squid31/work/squid-3.1.11
--enable-ltdl-convenience
Do you have any suggestions?
/Leslie